Error trying to open TR after setup for InCommon

By: Eli Sy user 17 Sep 2020 at 10:17 a.m. CDT

9 Responses
Eli Sy gravatar
After configuring a trust relationship for incommon and setting the URL for their metadata, every time I try to open it for further config I get an "Oops Something went wrong" error page. It seems like it's only happening with this TR, potentially because of the amount of metadata that's pulled bc it's a federation? This happens in 4.2.0 final and the 4.2.1_441 dev release.
Rhel 7.0
closed

Answers

By Michael Schwartz Account Admin 17 Sep 2020 at 10:22 a.m. CDT

Copy
Michael Schwartz gravatar
How much RAM does your server have? The InCommon metadata is huge.

By Eli Sy user 17 Sep 2020 at 10:26 a.m. CDT

Copy
Eli Sy gravatar
It has 12GB and the container is set to use all of it, how much more would you suggest? This is why I'm looking forward to MDQ implementation.

By Michael Schwartz Account Admin 17 Sep 2020 at 10:31 a.m. CDT

Copy
Michael Schwartz gravatar
Is there any error message in the `/opt/gluu/jetty/identity/logs/` ?

By Eli Sy user 17 Sep 2020 at 10:52 a.m. CDT

Copy
Eli Sy gravatar
Nothing of note in /opt/gluu/jetty/identity/logs/oxtrust.log Best,

By Michael Schwartz Account Admin 17 Sep 2020 at 11:50 a.m. CDT

Copy
Michael Schwartz gravatar
ok... I get the same behavior. It's a bug. Probably because the metadata is too big to parse. However... you don't really need to look at it for now :-) ![](https://i.ibb.co/gmqp6M0/incommon-tr.png) When you setup a new Trust Relationship, use `Metadata Location: Federation` and select InCommon, the hit the link to enable you to select the SP with which you want SSO. Issue raised in Github: [oxTrust-2029](https://github.com/GluuFederation/oxTrust/issues/2029)
Video or screenshot link

By Eli Sy user 17 Sep 2020 at 12:22 p.m. CDT

Copy
Eli Sy gravatar
Gotcha. Is there a workaround to delete them? I think I have too many attributes being sent in the config for it.

By Eli Sy user 18 Sep 2020 at 10:17 a.m. CDT

Copy
Eli Sy gravatar
Better question, how would you properly setup Gluu with InCommon without running into this bug? It's why I was attracted to Gluu primarily.

By Mohib Zico staff 21 Sep 2020 at 6:21 a.m. CDT

Copy
Mohib Zico gravatar
>> how would you properly setup Gluu with InCommon without running into this bug? Here is one config from one EDU customer who has 50~60 InCommon affiliated Trust relationships in their Production. JVM configuration might be different for 4.x system but take a look at memory allocation please. ``` root@ip-xxxx:~# cat /etc/default/identity JAVA_HOME=/opt/jre JAVA=$JAVA_HOME/bin/java JAVA_OPTIONS="-server -Xms6g -Xmx6g -XX:MaxMetaspaceSize=512m -XX:+DisableExplicitGC -Dgluu.base=/etc/gluu -Dserver.base=/opt/gluu/jetty/identity -Dlog.base=/opt/gluu/jetty/identity -Dpython.home=/opt/jython -Dorg.eclipse.jetty.server.Request.maxFormContentSize=50000000" JETTY_HOME=/opt/jetty JETTY_BASE=/opt/gluu/jetty/identity JETTY_USER=jetty JETTY_ARGS="jetty.http.host=localhost jetty.http.port=8082" TMPDIR=/opt/jetty-9.4/temp export PYTHON_HOME=/opt/jython root@ip-xxxx:~# cat /etc/default/idp JAVA_HOME=/opt/jre JAVA=$JAVA_HOME/bin/java JAVA_OPTIONS="-server -XX:+UseConcMarkSweepGC -Xss24m -Xms2g -Xmx6g -XX:NewRatio=1 -XX:MaxGCPauseMillis=200 -Dgluu.base=/etc/gluu -Dserver.base=/opt/gluu/jetty/idp" JETTY_HOME=/opt/jetty JETTY_BASE=/opt/gluu/jetty/idp JETTY_USER=jetty JETTY_ARGS="jetty.http.host=localhost jetty.http.port=8086" TMPDIR=/opt/jetty-9.4/temp root@ip-xxxx:~# ```

By Eli Sy user 21 Sep 2020 at 12:26 p.m. CDT

Copy
Eli Sy gravatar
Thank you

Post an answer